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ARGUMENT 



I. REPLY TO EXAMINER'S ANSWER 

LA Claims 1-2, 4, 7. 9-12, 14. 19-22. 24. 27. and 29-30 

Regarding claims 1-2, 4, 7, 9-12, 14, 19-22, 24, 27, and 29-30, the Examiner states that: 

The Examiner contends that a "superclass" as defined in the Applicant's 
application, is a base permission which is defined along with inherited, or 
subclass permissions that fall below the base permission in a hierarchy of 
permissions. Gong discloses a hierarchy of permissions as well, with the 
permission superclass being the highest permission on the hierarchy tree (column 
6 lines 27-35). Furthermore, the permissions which encompass the permissions 
below them, can be interpreted as "super classes" of the permissions they 
encompass. Based on this definition of super class, Gong discloses, "if every 
associated protection domain contains a permission object that represents a 
permission encompassing the required permission, then the request action is 
authorized" (column 19 lines 26-30). The "permission encompassing the 
required permission" is interpreted as being the superclass, as it is a higher 
permission as it "encompasses" the required permission. Furthermore, if this 
superclass permission of the required permission is contained in "every 
associated protection domain" is analogous to the superclass permission of a 
required permission being present in each protection domain of the claim 1 . 
Furthermore, the access control context is analogous to authorizing an action, as 
it is granting access to perform a certain action. Therefore, it is asserted that 
Gong meets every aspect and limitation of the above claim limitation. 
Examiner's Answer dated July 28, 2006, pp. 5-6. 

In this Examiner's Answer, the same flawed interpretation of encompassing permission in Gong 
is present. In the Appeal Brief, Appellants have already explained why Gong's encompassing 
permissions are not the same as superclass permissions as recited in the claims. That explanation is 
accompanied by sections from Gong's disclosure that support the distinctions drawn between an 
encompassing permission and a superclass permission as explained by the Appellants. That explanation 
is not repeated here again for the sake of brevity. The Examiner's Answer continues to be based upon 
the flawed interchanging of Gong's encompassing permission for the superclass permission recited in the 



The Examiner, however, has cited the following additional sections of Gong's disclosure in the 

Examiner's Answer: 

As shall be described in greater detail hereafter, a "permission super class" is 
established from which subclasses may be created. Objects that belong to 
subclasses of the permission super class represent permissions, and are therefore 
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referred to as permission objects. The permission subclasses inherit the methods 
and attributes of the permission super class, including a validation method. Each 
permission subclass provides an implementation of the validation method. 
Gong, col. 6, 11. 27-35. 

In this paragraph, Gong simply describes that a permission superclass follows the object oriented 
methodology. Gong describes the use of inheritance in object oriented technology to create hierarchies 
of superclass and subclass permissions. However, this paragraph and the remainder of Gong's 
disclosure, does not lend any support or incentive for the Examiner's interchanging of an encompassing 
permission for a superclass permission. As explained in the Appeal Brief, Gong defines superclass in 
terms of commonly known object oriented hierarchy of classes. In a typical superclass-subclass 
hierarchy, the methods and attributes of a superclass may be inherited and modified by a subclass that 
derives from the superclass. According to Gong, a permission encompassing the required permission 
simply means a larger permission that "encompasses" or inherently includes a smaller permission, but not 
a "superclass" permission in the hierarchy of permissions classes. 

In a superclass-subclass hierarchy, the attributes and methods of the superclass can be 
defined in mutually exclusive ways in one or more child subclasses. This property of a 
superclass entity is different from Gong 's notion of an encompassing entity. For example, a 
permission PI to withdraw $300 encompasses a permission P2 to withdraw $200. However, this 
does not mean that a parent permission P that provides for only a number and an activity 
associated with that number "encompasses" the child permission number representing $300 and 
the action representing the withdrawal thereof, within the context of Gong. This example shows 
inheritance, but not "encompassing" as Gong describes the term. Gong specifically uses the term 
"encompass" and not superclass to indicate this difference, as is evident from the following 
section in Gong: 

One permission can imply another. When one permission implies another 
permission, that one permission is said to encompass the other permission. For 
example, a permission to write to a directory, such "c:/", can imply a permission 
to write to any file in the directory, such as "c:/thisfile". Furthermore, an 
attribute of a permission can imply an attribute of another permission. For 
example, in some implementations, the action attribute of a permission to "write" 
implies an action attribute of a permission to "read". An amount attribute of a 
permission to withdraw three hundred dollars implies another attribute of a 
permission to withdraw two hundred dollars. 
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Usually, a permission encompasses another permission when all the permission 
attributes of one permission imply all the corresponding permission attributes of 
another permission. For example, a permission to "write" to file "d:/somefile" 
implies a permission to "read" from file "d:/somefile" because a "write" implies 
a "read". However, a permission to "write" to file "d:/somefile" does not imply a 
permission to "read" from file "d:/otherfile" because "d:/somefile" does not 
imply "d:/otherfile". 
Gong, col. 7, 11. 30-50 

Gong teaches that when a first permission "implies" a second permission, the first permission 
encompasses the second permission. This express statement in Gong describes what Gong means by 
permission encompassing the required permission. The statement makes clear that Gong does not mean a 
permission superclass, or superclass permission as defined in Appellants' specification, to be a 
permission encompassing the required permission. (Specification p. 18, 11. 6-17). 

The limited description in the new paragraph cited in the Examiner's Answer, which only states 
that permissions can be organized into object oriented hierarchies, is not sufficient for concluding that 
encompassing permission and superclass permission are one and the same. Therefore, Appellants 
maintain that Gong does not teach the features, "determining if a superclass permission of a required 
permission is present in each protected domain of an access control context, wherein the superclass 
permission is a super class of the required permission", and "adding the required permission to a 
permission collection if the superclass permission of the required permission is present in each protection 
domain of the access control context" as recited in claim 1. Consequently, Gong does not teach all the 
features of claim 1 as recited, and does not anticipate claims 1-2, 4, 7, 9-12, 14, 19-22, 24, 27, and 29-30 
under 35 U.S.C. § 102(b). 

LB Claims 3, 13, and 23 

Regarding claims 3, 13, and 23, the Examiner states that: 

The Examiner contends that Gong teaches determining which 
encompassing permission (superclass permission) contains the required 
permission for the action (column 18 lines 37-45). If the encompassing 
permission (superclass permission) of the required permission is present in every 
protection domain, then access is authorized for the action (column 18 lines 37- 
45). Therefore, the Examiner respectfully asserts that Gong does teach 
determining the superclass permission of the required permission based on the 
required permission. 
Examiner's Answer dated July 28, 2006, p. 6. 

The Examiner's Answer continues to rely upon the flawed interchanging of Gong's 
encompassing permission for the superclass permission as recited in claim 3. The flaw in the Examiner's 
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reasoning has been fully addressed in the pending Appeal Brief in this case. The Examiner has simply 
reiterated that flawed interpretation and cited to the same sections of Gong that have been addressed in 
the Appeal Brief. Thus, no further argument is necessary because Gong does not teach the feature, 
"determining the superclass permission of the required permission based on the required permission" 
recited in claim 3 as previously explained. Consequently, Gong does not anticipate claims 3, 13, and 23 
under 35 U.S.C. § 102(b). 

I.C Claims 5, 15, and 25 

Regarding claims 5, 15, and 25, the Examiner states that: 

The Examiner contends that Gong teaches creating a new permission 
collection and adding the required permission to the new permission collection. 
Gong teaches, "when a new category of permissions is desired, a new subclass is 
created" (column 19 lines 36-38). The new subclass is analogous to the 
permission collection because it contains different permissions. Furthermore, 
Gong teaches that "the particular rules or policy that govern whether the 
permissions granted a principal are encompassed by permission in the new 
category are implemented in the validation method of the new subclass 
representing permissions in the new subclass" (column 19 lines 39-43). The 
validation method is responsible for checking if the required permission that has 
been added to the new subclass, is encompassed by a permission in the new 
category. Furthermore, if a new subclass is being created, based on Gong's 
inheritance principals (column 6 lines 31-35), the permissions would be passed 
down from the superclass down to the subclasses, so the required permissions 
would be added to the subclasses (permission collections). 
Examiner's Answer dated July 28, 2006, p. 7. 

The Examiner's Answer cites to the following section in Gong for support: 

Typed permissions facilitate the establishment of new permissions. When a new 
category of permissions is desired, a new subclass is created. 
Gong, col. 19, 11. 36-38. 

The submitted Appeal Brief quotes this section and provides the analysis of Gong 's teachings 
contained therein on page 24 under the Argument section, subsection C. The citation to the Gong 's 
section quote is incorrect on the Appeal Brief page 24. The citation should read, "Gong, col. 19, 11. 32- 
43," instead of "Gong, col. 19, 11. 38-43." 

As can be seen, that section of the Appeal Brief provides the analysis of the section of Gong that 
is inclusive of the section cited in the Examiner's Answer above. Furthermore, the Examiner's Answer 
reiterates a second flawed interpretation of Gong, which Appellants have already addressed in the Appeal 
Brief. The Examiner incorrectly asserts now, as the Examiner had incorrectly asserted in the final office 
action, that a new subclass in Gong is analogous to a new permission collection as claimed. As described 
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in the Appeal Brief, Gong does not support the Examiner's analogy. Therefore, no new arguments are 
presented in the Examiner's Answer as to the anticipation of claims 5, 15, and 25 as to this analogy. 

The Examiner had cited the following section in rejecting claims 6, 8, 16, 18, 26, and 28 in the 
final office action. This section has now been cited against claims 5, 15, and 25 in the Examiner's 
Answer: 

The domain mapper object 448 contains a mapping between classes and 
protection domains objects. Protection domain objects 482 contain a set of 
permissions. Protection domain objects are associated with the permission 
objects they contain, and with the classes to which a protection domain object is 
mapped to by domain mapper object 448. 

Protection domain objects 482 are created when new classes are received by 
code executor 410. When a new class is received, domain mapper 448 
determines whether a protection domain is already associated with the code 
source. The domain mapper maintains data indicating which protection domains 
have been created and the code sources associated with the protection domains. 
If a protection domain is already associated with the code source, the domain 
mapper adds a mapping of the new class and protection domain to a mapping of 
classes and protection domains maintained by the domain mapper 448. 

If a protection domain object is not associated with the code source of the new 
class, a new protection domain object is created and populated with permissions. 
The protection domain is populated with those permission that are mapped to the 
code source of the new class based on the mapping of code sources to 
permissions in the policy object. Finally, the domain mapper adds a mapping of 
the new class and protection domain to the mapping of classes and protection 
domains as previously described. 
Gong, col. 16, 1. 56 - col. 17, 1. 13. 

The Examiner asserts that this section of Gong teaches, "creating a new permission collection 
and adding the required permission to the new permission collection" feature of claim 5. The Appeal 
Brief contains the analysis of this section of Gong as to claims 6, 16, 26, and 8, 18, 28 in the Arguments 
section, subsections D and E respectively. Whether this teaching can be interpreted as teaching the 
claimed feature is irrelevant because Appellants have shown that Gong does not anticipate claim 5 at 
least by virtue of its dependence from claim 1 . Therefore, Appellants maintain that Gong does not 
anticipate claims 5, 15, and 25 under 35 U.S.C. § 102(b). 

The Examiner further cites to Gong column 6, lines 31-35, analyzed above. Using the fact about 

inheritance in object oriented technology stated in this section of Gong, the Examiner makes the 

following statement: 

Furthermore, if a new subclass is being created, based on Gong's inheritance 
principals (column 6 line 31-35), the permissions would be passed down from 
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the superclass down to the subclasses, so the required permissions would be 
added to the subclasses (permission collections). 
Examiner's Answer dated July 28, 2006, p. 7. 

This statement is not logical for two reasons. First, the Examiner proceeds from the reasoning 
that creation of a permission collection is the same as creation of a subclass. Arguments in the Appeal 
Brief describe the flaw in this reasoning. Second, the Examiner suggests that based on the inheritance 
principle, "permissions would pass down from the superclass down to the subclasses". In an object 
oriented hierarchy, the superclass contains attributes and methods common among the subclasses derived 
from the superclass. Each subclass can add attributes and methods not present in the superclass, or can 
redefine methods of the superclass in ways that are mutually exclusive with other subclasses. This 
commonly understood principle of object oriented methodology is supported by Gong's own disclosure 
as follows: 

As shall be described in greater detail hereafter, a "permission super class" is 
established from which subclasses may be created. Objects that belong to 
subclasses of the permission super class represent permissions, and are therefore 
referred to as permission objects. The permission subclasses inherit the methods 
and attributes of the permission super class, including a validation method. Each 
permission subclass provides an implementation of the validation method. 
Gong, col. 6, 11. 27-35. 

Permissions objects are based on the various subclasses created from the superclass. This fact is 
also supported by Gong's disclosure above. Therefore, according to the Examiner's reasoning, 
permissions based on subclasses will be added to other subclasses. Ignoring the first identified flaw in 
this reasoning momentarily, even if the Examiner's argument were to be true, it is the objects of other 
subclasses (permissions) that would be passing down to the subclasses, and not objects of other 
subclasses (permissions) from a superclass passing down to the subclasses. An object of a subclass 
cannot be present in a superclass so that it may be passed down to another subclass. Furthermore, an 
object of the superclass cannot have any mutually exclusive definitions for any of the object's contents 
with those of subclass contents, whereas, objects of a different subclass can. Therefore, the Examiner's 
reasoning that, "permissions would pass down from the superclass down to the subclasses" is logically 
incorrect for this additional reason. 

Therefore, the Examiner's Answer fails to present any new arguments based on Gong's 
disclosure that support anticipation rejection of claim 5. Consequently, Gong does not anticipate claims 
5, 15, and 25. 



(Reply Brief Page 7 of 9) 
Kovedetal.- 10/002,439 



I.D Claims 6, 8, 16. 18. 26. and 28 

Regarding claims 6, 16, and 26, the Examiner states that: 

Gong teaches, "when a new category of permissions is desired, a new 
subclass is created" (column 19 lines 36-38). This new subclass is analogous to 
the new permission collection because it contains different permissions. 
Furthermore, Gong teaches that "the particular rules or policy that govern 
whether the permissions granted a principal are encompassed by permission in 
the new category are implemented in the validation method of the new subclass 
representing permissions in the new subclass" (column 19 lines 39-43). The 
validation method is responsible for checking if the required permission that has 
been added to the new subclass, is encompassed by a permission in the new 
category. Furthermore, if a new subclass is being created, based on Gong's 
inheritance principals (column 6 lines 31-35), the permissions would be passed 
down from the superclass down to the subclasses, so the required permissions 
any subclass permissions which encompass the new subclass would be added to 
the new subclass (permission collection). 
Examiner's Answer dated July 28, 2006, p. 8. 

The Examiner's Answer continues to rely upon the two flaws already discussed. The Examiner's 
reasoning is flawed because creation of a subclass in Gong is not the same creation of a permission 
collection as claimed. The Examiner's reasoning is also flawed because Gong's encompassing 
permission is not interchangeable with the superclass permission as recited in claim 6. These flaws in the 
Examiner's reasoning have been fully addressed in the pending Appeal Brief in this case, and are not re- 
analyzed here for the sake of brevity. 

The Examiner additionally relies on the reasoning of the Examiner's Answer addressed in 
section I.C above, against claims 6, 8, 16, 18, 26, and 28 as well. Examiner's argument there - 
permissions would be passed down from the superclass down to the subclass - has been demonstrated to 
be an incorrect conclusion from Gong's disclosure. The analysis of the Examiner's Answer in section 
I.C above is similarly applicable here. Because the Examiner raises no new argument in the Examiner's 
Answer that has not already been fully analyzed before, no further arguments are necessary on the part of 
the Appellants. Therefore, Appellants maintain that Gong does not teach the feature, "adding any 
subclass permissions of the required permission to the new permission collection" recited in claim 6. 
Gong also does not teach the feature, "adding the permission to a permission collection associated with 
the superclass permission" as recited in claim 8 for the same reasons. Consequently, Gong does not 
anticipate claims 6, 8, 16, 18, 26, and 28 under 35 U.S.C. § 102(b). 
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II. SUMMARY 

The reference cited by the Examiner does not anticipate claims 1-30 under 35 U.S.C. § 102(b). For 
this reason, Appellants respectfully request that the rejections be overturned and the claims allowed. 



/Rakesh Garg/ 
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